CVE-2026-7787
Analyzed Analyzed - Analysis Complete

Authentication Bypass in IBM Langflow OSS

Vulnerability report for CVE-2026-7787, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-11

Last updated on: 2026-06-16

Assigner: IBM Corporation

Description

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-11
Last Modified
2026-06-16
Generated
2026-07-01
AI Q&A
2026-06-11
EPSS Evaluated
2026-06-30
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
langflow langflow From 1.0.0 (inc) to 1.9.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-7787 is a vulnerability in IBM Langflow OSS versions 1.0.0 through 1.9.1 that allows unauthenticated attackers to access or modify sensitive information by bypassing authentication.

The issue arises from a session ID namespace bypass in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint. Specifically, the inputs.session parameter can override the session ID used during flow execution.

When a public flow contains a Memory (Message History) component with an empty session_id field, it uses the caller-supplied session ID without proper isolation. Because the public build_public_tmp path does not enforce session namespacing, unauthenticated users can provide arbitrary session IDs and retrieve stored chat history.

This vulnerability is exploitable against sessions created through the authenticated POST /api/v1/run/{flow_id} path, where the default session_id matches the flow UUID, making target sessions predictable.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive information, such as other users' chat history stored in Langflow OSS.

Because attackers can bypass authentication and retrieve or modify sensitive data, this poses a significant security risk.

The CVSS base score of 7.5 indicates a high severity impact, emphasizing the potential damage from unauthorized data exposure.

There are no available workarounds, so affected users must upgrade to Langflow OSS version 1.9.2 or later to mitigate this risk.

Detection Guidance

This vulnerability involves an insecure direct object reference in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint, where the inputs.session parameter can override the session ID, allowing unauthorized access to chat history.

Detection would involve monitoring or testing this specific API endpoint for unauthorized access attempts by sending crafted POST requests with arbitrary session IDs to see if chat histories can be retrieved without proper authentication.

No specific detection commands or tools are provided in the available resources.

Mitigation Strategies

IBM strongly recommends upgrading Langflow OSS to version 1.9.2 or later to remediate this issue.

No workarounds are available, so applying the fix promptly is the primary mitigation step.

Compliance Impact

This vulnerability allows unauthenticated attackers to access other users' chat history, which constitutes unauthorized access to sensitive information.

Such unauthorized access to sensitive data can lead to non-compliance with common data protection standards and regulations like GDPR and HIPAA, which require strict controls to protect personal and sensitive information from unauthorized disclosure.

Therefore, if exploited, this vulnerability could result in violations of these regulations due to the exposure of sensitive user data.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7787. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart